The Inevitability Of Failure : The Flawed Assumption Of Security

1886 Words8 Pages
Summary of Article “The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments” The article, which addresses security loopholes in modern computing environments, by Loscocco et al highlights what is and has been being done security wise in the past and how secure these implementations were and going forward what should be done to ensure in depth security which guarantees system wide security (1998). The article first explains features of secure operating system and why current systems implemented under the notion of application space security ultimately failed to safe guard the integrity and confidentiality of our assets. The article then continued with general examples of access control and cryptography implemented in the application space with no or little support from operating system and showed their vulnerabilities to attacks such as tampering, bypassing and spoofing. The article supplied real-life examples to support the evidence that building security in the application space without secure operating system is meaningless. The article raised concrete examples on mobile code security, Kerberos network authentication service, IPSEC and SSL network security protocols and firewall. The paper finally put an interesting remark that security implemented in application space without secure operating system is like “building a house in a pile of sand” and it also emphasized that secure operating system without better security on the
Open Document